Many typical computer networks, such as those associated with corporations or other organizations, are used to enable various users (who are typically employees, consultants or other persons working with or for the organization) to have access to one or more computer networked applications which are part of the organization's resources. The computer applications may include typical word processing, spreadsheet, presentation, e-mail, relationship management applications or other types of generic applications, which may or may not have particularized security features associated therewith. The applications provided as part of the organizational resources may additionally or alternatively include various organization specific or organizationally sensitive applications such as accounting applications, planning and marketing applications, resource management applications, training applications, employee management and human resource applications, and other types of applications provided within or as part of the organization to perform various and different tasks useful for some reason for the functioning of the organization. In many cases, these applications have security features associated therewith so that only some of the users associated with the organization have access to the applications or so that some users have only limited access to the application, depending on the user's position, job, title, department, function, etc. within the organization. Thus, in many cases, each user is provided with access to only a limited number of applications used within the organization, and may be provided with only limited access rights or privileges to some or all of the applications accessible by the user.
While managing access by users within an organization to the various applications provided by the organization can be accomplished fairly easily when the organization is small or made up of a single coherent entity, managing user access to various organizational computer assets can become a daunting, time-consuming and tedious task in larger organizations, as larger organizations typically have more users accessing the applications and more applications associated with different tasks or functions within the organization. Larger organizations also, many times, have third party companies or entities who act as partners or representatives to the organization and who thus must have some type of access to the computer applications of the organization. Moreover, employment changes within larger organizations occur more often and are generally not centralized, sometimes making these changes go unreported or unnoticed at higher levels of the organization. In the past, therefore, it has been a cumbersome and somewhat tedious task to track and update (i.e., keep current) the access privileges to be provided to the various users of the organization with respect to each of the organizational computer network assets. In some cases, each separate application on a computer network associated with the organization manages its own list of the users who are able to gain access to the application, and the amount or level of access available for each such user. While this feature provides for a high level of security, it becomes very unwieldy and hard to manage in large organizations, as the access privileges have to be changed on an application by application basis any time a user leaves or joins the organization, and in some cases, any time a user changes positions or roles within the organization. 
In larger organizations, with a larger number of users and/or a large number of applications, personnel turnover and changes may occur frequently, making it difficult or time consuming to update the security access features of each of the applications.
To overcome this problem, organizations, and more typically large organizations having a large number of applications and/or a large number of employees, set up an organization-wide user profile system which defines, for each user, the identity of the user as well as information about the user, including information defining the various applications and possibly the access or security levels within various applications to which the user should have access. Thereafter, when a particular user attempts to log onto or access an application, a security system associated with the application uses the user profile to determine whether that particular user has the proper qualifications or security to gain access to and use the application, either at all or at the requested access level. However, it is still necessary to keep the user profiles up-to-date and accurate so as to prevent users who have left the organization from being able to access the organizational applications, or to ensure that employees who change positions within the organization have the correct access privileges to the applications based on their current position.
As will be understood, changes to the user profiles typically need to be made when an employee leaves the organization, so as to terminate access to all the applications immediately. Additionally, changes to the user profiles may also need to be made when there is a change in a particular employee's position within the organization, as access rights to particular applications and to the specific content within an application are generally determined by one or more attributes of a user's profile, for example, the office ID, division, department, job title, function, skill level, or world area location of the employee. Thus, in many cases, any relevant change to the user's position must be recorded or reflected in the user profile used by the application security system immediately, so that the user's access to content may be reviewed and updated if necessary.
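The profile-driven access decision described above can be sketched as follows. This is an added example, not part of the original text; the `Profile` fields, the `POLICY` table and the application names are constructed assumptions. It shows that every application's decision follows the central profile, so a transfer changes nothing until the profile itself is updated.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Profile:
    active: bool
    department: str
    job_title: str

# Constructed policy: each application lists (required attributes, level),
# most specific rule first.
POLICY = {
    "accounting": [({"department": "Finance", "job_title": "Controller"}, "full"),
                   ({"department": "Finance"}, "read-only")],
    "marketing-plans": [({"department": "Marketing"}, "full")],
}

def access_level(store: dict, user_id: str, app: str) -> Optional[str]:
    """Decide access from the central profile only; None means denied."""
    profile = store.get(user_id)
    if profile is None or not profile.active:
        return None
    for required, level in POLICY.get(app, []):
        if all(getattr(profile, k) == v for k, v in required.items()):
            return level
    return None

def snapshot(store: dict, user_id: str) -> dict:
    """Access level for the user in every application covered by POLICY."""
    return {app: access_level(store, user_id, app) for app in POLICY}

def timeline() -> list:
    store = {"u100": Profile(True, "Finance", "Controller")}
    steps = [("hired as Finance controller", snapshot(store, "u100"))]
    # The employee moves to Marketing but the profile is not yet updated:
    # every decision still reflects the old attributes.
    steps.append(("transferred, profile stale", snapshot(store, "u100")))
    store["u100"] = replace(store["u100"], department="Marketing", job_title="Analyst")
    steps.append(("profile updated", snapshot(store, "u100")))
    store["u100"] = replace(store["u100"], active=False)
    steps.append(("left organization, profile deactivated", snapshot(store, "u100")))
    return steps

if __name__ == "__main__":
    for label, access in timeline():
        print(f"{label:40} {access}")
```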
Traditionally, organizations have provided a particular and typically centralized group or department within the organization, such as the human resources (HR) department, the information technology (IT) department, or some other department or group, with the primary responsibility for updating the user profiles used by the application security system to assure correct user access to the organizational applications as employees leave or change positions within the organization. However, especially for larger organizations, the process of manually updating the user profiles at a centralized location or by a particular department can become very tedious and time consuming for those assigned to perform this task. Furthermore, the process of updating user profiles by a group not intimately involved with the users whose profiles are being changed may be fraught with errors and delays. Additionally, with a third party representative, the organization is most likely never to know when a user leaves or changes their profile. In particular, in many instances, the HR or IT department is not properly or uniformly informed of changes within the organizational structure that might require changes to one or more user profiles, such as changes in organizational responsibilities, movement of persons within and between departments of the organization, changes in manager/subordinate relationships in various departments of the organization, etc., any or all of which might necessitate a change to the access rights of the particular users affected by the organizational changes. Still further, in large organizations or in organizations with high turnover rates or third party affiliates, the amount of creation and changing of user profiles which occurs due to normal attrition can become quite time consuming and tedious, and is typically a function that is not adequately attended to at scheduled or periodic times due to the ease with which this function can be ignored within the organization.
These scenarios may thus lead to a back-log in removing, updating or changing user profiles to adequately reflect the proper information about different users, which changes are needed to assure the correct access to applications or computer network facilities within the organization.
Unfortunately, the failure to provide for the correct security or access privileges to the networked assets of the organization in a timely manner can become, in some instances, quite serious. In particular, improper or untimely updating of the user profiles can lead to the release of trade secrets, confidential technical, marketing and sales information, confidential personal information stored in personnel files, etc., as these lapses in security may be exploited by disgruntled or unscrupulous employees who have left the organization or who have changed positions within the organization, all to the significant detriment of the organization.